Case Study: Provisioning Cloud Networking Through Infrastructure As Code (IAC)

Background

A large U.S. Government Agency needed to build out its networking capability in the newly released Amazon Web Services (AWS) GovCloud east region for disaster recovery and high availability functionality. The agency had several AWS accounts supporting a number of applications and environments. The networking for all of these accounts followed a consistent design pattern of a single Virtual Private Cloud (VPC) in the new region, with two subnetworks in each Availability Zone. Additionally, all networks needed to be accessible to several tools and auditing accounts.

Analysis

Simple Technology Solutions (STS) evaluated the network topography of the existing AWS region and proposed changes to fit the customer’s evolving usage patterns and needs. The proposed network architecture changes in the new region needed to be completed expeditiously while minimizing the risk of errors in the network.

Solution

According to modern DevOps best practices, STS determined that an Infrastructure as Code (IaC) solution would best meet the agency needs. By capturing the desired network resources and configurations as code, the solution could be deployed rapidly in each account. Using an existing Terraform footprint, the solution would continue to be supported after deployment.

STS first developed the IaC code in a sandbox AWS environment, then it was reviewed and approved by the agency stakeholders (management, networking, and security teams). Once approved, the solution was deployed to all environments in approximately one hour and application teams were able to build out resilient cloud architecture for their applications.

Benefit

As a ‘develop once, deploy many times’ solution, the networking IaC solution delivered exponential business and technical value after the initial development period. With the new solution, the agency was able to build out highly available applications with robust disaster recovery solutions to reduce the likelihood of outages. Providing the solution as IaC allowed for rapid development, testing, and review, leading to faster implementation and updates. Finally, since the IaC code deployed the same solution in an identical manner each time, human error was eliminated and there were no issues reported in the rollout of the new cloud environment applications.

Solution Architecture Diagram

As a ‘develop once, deploy many times’ solution, the networking IaC solution delivered exponential business and technical value after the initial development period.

Like what you're reading? Start a conversation by booking a meeting with us today. 

Download the Government’s Guide to Achieving Cloud Scale to learn more about design principles necessary for achieving cloud scale.